LDAP and account experation date

59 views

Skip to first unread message

Predrag Punosevac

unread,

Oct 26, 2020, 9:24:51 PM10/26/20

to springdale-users

Dear All,

I was wondering if you could kindly share with me your account expiration settings. Namely, I would like LDAP user accounts to be automatically disabled after certain date.

I tried using shadowExpire LDAP attribute.

I am using OpenBSD build in LDAP server as my centralized authentication and authorization server for our not so small ML Lab. I do have

shadowExpire: 15159

attribute set for each user just like in this document (note that 15159 is the time in days from the UNIX epoch, I also tried setting up in seconds).

http://sysadminhelp.cms.caltech.edu/sysadmin/security/

I also edited my sssd.conf file accordingly per only document I found on this topic on the Red Hat portal

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sssd-pwd-expiry

[domain/EXAMPLE]

access_provider = ldap

ldap_pwd_policy = shadow

ldap_access_order = pwd_expire_policy_reject

I also see this link

https://access.redhat.com/solutions/3223101

but I don't have Red Hat subscription. I am sure I am not the only one trying to implement account expiration policy.

Cheers,

Predrag

Reply all

Reply to author

Forward

0 new messages